Setting up a reverse proxy
A reverse proxy server is a kind of proxy server that broadcasts client requests from an external network to one or more servers located within the internal network. In the following article, we will tell you what it's for and how to configure it if necessary using the example of the Nginx web server.
Why do we need a reverse proxy?
There can be several scenarios for using the technology. Let's consider the main ones:
- Hiding the existence of the servers it polls, as well as their characteristics.
- Protection against DoS and DDoS – for this in conjunction with the reverse proxy system administrators put a software firewall.
- As a crutch – if the main site does not support connection via SSL, you can connect a reverse proxy server with a hardware SSL acceleration.
- Use as a load balancer – such a server can provide even load distribution between two, three, or more servers.
- Reducing the load on the primary server by placing dynamic and static content on the reverse proxy. This method is often called acceleration.
- Data compression in order to reduce load time.
- Can be used for secure and convenient A/B testing.
Now you know what the reverse proxy is for. Let's move on to practice.
Using Nginx as a reverse proxy
The first thing to do is to open the configuration file of the domain server block. In it, you need to specify the location and the proxy server
server { listen 80; server_name www.example.com example.com; location /app { proxy_pass http://127.0.0.1:7070; } }
The URL of the server to be proxied is set with the proxy_pass directive proxy_pass. This allows you to use HTTP or HTTPS:
- as a protocol;
- domain;
- IP address;
- optional port;
- unified resource identifier as an address.
The above configuration instructs Nginx to forward all requests to /app to the proxy at http://127.0.0.1:7070. You can change it to the IP you want. This is provided for reference only.
Files with server blocks are stored in /etc/nginx/sites-available – if you use Ubuntu or Debian, as well as in /etc/nginx/conf.d if using CentOS.
To illustrate how the proxy_pass location and proxy_pass directive works, let's take a simple example:
server { listen 80; server_name www.example.com example.com; location /blog { proxy_pass http://node1.com:6000/wordpress/; } }
When a visitor goes to http://example.com/blog/my-post, the Nginx web server proxies the request to http://node1.com:6000/wordpress/my-post.
If the address of the proxied server contains a unified resource identifier, ( /wordpress/ ), the request URI translated to the proxied server is replaced by the URI specified in the directive. In case the proxy server address is specified without a unified resource identifier, the full request URI is sent to the proxy server.
How to configure Nginx as a reverse proxy for a proxy server without HTTP
One of the four directives is used for this:
- fastcgi_pass – reverse proxy to FastCGI server.
- uwsgi_pass – reverse proxy to uwsgi server.
- scgi_pass – reverse proxy to SCGI server.
- memcached_pass – reverse proxy to Memcached server.
For example, very often Nginx is used as a reverse proxy PHP-FPM:
server { # ... other directives location ~ .php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/run/php/php7.2-fpm.sock; } }
If you change the configuration file, be sure to restart the Nginx web server for the changes to take effect. If you still have questions, please contact our experts via live chat.